[Samba] Samba permissions

Keith Warno krjw at valaran.com
Fri Jul 29 16:05:36 GMT 2005 

* <sgmayo at mail.bloomfield.k12.mo.us> [29/07/2005 1119EDT]:
> I am working on my permissions and something does not quite make sense 
> to me.  Here is what I have set.
> 
> /DIR          (Unix permissions are 3777)
> 
> Then in samba I have the following
> 
> [dir]
> path = /DIR
> read only = no
> valid users @teach @student
> create mask 3660
> directory mask 3770
> 
> Then from a windows workstation, I create a new directory inside 'dir', 
> and call it 'teach'.
> 
> The permissions of 'teach' are 2770.  It looks like it should be 3770 to 
> me since the 'directory mask' commands does a bitwise 'AND'.  Anyone 
> know why this is?  Maybe it is because of the DOS attributes or something.

You're right about the bitwise AND.

But default mode for a new directory is 0777.  Observe:

kw at pigpen[2]:~$ cd tmp
kw at pigpen[2]:~/tmp$ umask 0
kw at pigpen[2]:~/tmp$ umask
0000
kw at pigpen[2]:~/tmp$ file foodir
foodir: cannot open (foodir)
kw at pigpen[2]:~/tmp$ mkdir foodir
kw at pigpen[2]:~/tmp$ ls -ld foodir
drwxrwxrwx  2 kw users 4096 Jul 29 11:59 foodir

However, your new directory *inherited* the setgid bit (effectively a
bitwise OR); this is simply the behavior of setgid bits on directories.
From the man page for the stat() system call (section 2):

       The set GID bit (S_ISGID) has several special uses: For a
       directory  it indicates  that  BSD  semantics is to be used for
       that directory: files created there inherit their group ID from
       the directory, not  from  the effective  gid  of  the creating
       process, and directories created there will also get the S_ISGID
       bit set.  For a file that does not  have  the group  execution
       bit (S_IXGRP) set, it indicates mandatory file/record locking.

So, for your case:

	(3770 & 0777) | 2000 = 2770

It is doing exactly what it should be doing. :)

Keith

-- 
SA Valaran Corp
GPG: 0xEC705AE9
I put the sh in IT.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20050729/92ed27ec/attachment.bin

More information about the samba mailing list